From 7d6774149c0f8f85ba7bab784c9e93e258b27970 Mon Sep 17 00:00:00 2001 From: Christoph Date: Tue, 10 Dec 2024 14:17:36 +0100 Subject: [PATCH] Change add (default) ssh key fot ssh-agent. --- .gitignore | 2 + conf/rcopy.conf.01 | 276 +++++++++++++++++++++++++++++++++++++++++ conf/rcopy.conf.sample | 2 + rcopy.sh | 13 +- 4 files changed, 291 insertions(+), 2 deletions(-) create mode 100644 conf/rcopy.conf.01 diff --git a/.gitignore b/.gitignore index 64a5c72..aa85be3 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ /hosts/*.sh /hosts/BAK/* /hosts/deleted/* +/hosts/OLD-Backup-Host/* +/hosts/Not_Yet-Moved/* diff --git a/conf/rcopy.conf.01 b/conf/rcopy.conf.01 new file mode 100644 index 0000000..63676e7 --- /dev/null +++ b/conf/rcopy.conf.01 
@@ -0,0 +1,276 @@
+#######################################################
+## Configuration-file for remote backupscript ##
+#######################################################
+
+# --------------------------------------------------- #
+# -------------------- Variable --------------------- #
+#
+
+## - Lock directory exists, until the script ends. So
+## - we can check, if a previos instanze is already running.
+## -
+## - That directory is also userd for temporary files
+## -
+LOCK_DIR=/tmp/rcopy.lock
+
+## --------------------------------------
+## - variables only used in parent script
+## -
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+BACKUP_HOST=`hostname -f`
+
+HOME_DIR=$HOME
+AGENT=/tmp/.agent-$USER.sh
+
+admin_email="argus@oopen.de"
+from_address="backup@`hostname -f`"
+company="o.open"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+restart_samba_service=false
+samba_exe=/usr/local/samba/sbin/samba
+samba_init_script=/etc/init.d/samba4
+
+
+## --------------------------------
+## - variables, used in subshells..
+## -
+
+#REMOTE_USER=back
+
+crontab_base_dir=$rcopy_base_dir
+hosts_base_dir=$crontab_base_dir/hosts
+
+
+extern_usb_disk=false
+extern_sata_disk=false
+
+# - A separate disk for backups that must be mounted for the backup process.
+# -
+intern_disk=false
+
+# - remote_disk
+# -
+# - - You need a fstab-entry in order to mount the backup partition
+# - - Configure 'backup_mountpoint'
+# -
+remote_disk=false
+
+## - if backup partion cannot be determined, try this one..
+## -
+_backup_partition=""
+backup_mountpoint=""
+
+## - Should check, if backup partion is mounted ? usefull if
+## - backup partion is not automounted after restart.
+## -
+check_mountpoint=false
+
+base_label_name=""
+
+
+## - if encrypted backup partition
+## -
+crypto_backup_device=false
+crypto_key_file=""
+backup_partition_name=backup
+#mount_flags="-o user_xattr,acl,barrier=1"
+mount_flags=""
+
+
+backup_partition=
+disk_identifier=
+_found=false
+
+if $crypto_backup_device ; then
+
+ backup_raw_partition=$_backup_partition
+ backup_partition="/dev/mapper/${backup_partition_name}"
+
+elif $extern_usb_disk || $extern_sata_disk || $intern_disk ; then
+
+ ## - In case of unencrypted (and labeled) extern backup disc
+ ## -
+ if [ -d "/dev/disk/by-label" ]; then
+ backup_partition=$(realpath /dev/disk/by-label/`ls /dev/disk/by-label | grep -i $base_label_name`)
+ [[ "X${backup_partition}" != "X$(realpath /dev/disk/by-label/)" ]] && _found=true
+ fi
+
+ ## - Otherwise, assuming the backup disc is the alphabetic last attached device
+ ## - in device list
+ ## -
+ if ! $_found ; then
+
+ for file in `ls /dev/disk/by-uuid` ; do
+ _disk=`basename $(realpath /dev/disk/by-uuid/$file) | grep -e "^sd"`
+ [[ "X" = "${_disk}X" ]] && continue
+ [[ "$disk_identifier" < "$_disk" ]] && disk_identifier=$_disk
+ done
+
+ if [ "X$disk_identifier" = "X" ]; then
+
+ ## - Backup device could not be detected, so we will try the (above) given one..
+ ## -
+ backup_partition=$_backup_partition
+
+ else
+ backup_partition=/dev/$disk_identifier
+ fi
+
+ fi
+
+elif $remote_disk ; then
+
+ backup_resource="$(grep "$backup_mountpoint" /etc/fstab | grep -v -E "\s*#" | awk '{print$1}' | head -1)"
+
+fi
+
+## - send reminder for changing the backup disk
+## -
+#send_reminder=true
+send_reminder=false
+reminder_day="Montag" ## - maybe you have set to "Monday"
+reminder_email=""
+reminder_email_2=""
+
+#backup_base_dir=${backup_mountpoint}/backup
+backup_base_dir=/backup
+
+## - logging backup durations in an different file
+## - NOTICE:
+## - because of the process number in the filename, take care, not to
+## - override it by child processes, which also read this file
+## -
+## - for a better looking, define a right hand tab stop
+## -
+if [ -z "$logDuration" ];then
+ logDuration=${LOCK_DIR}/duration.log
+fi
+right_tabstop=65
+
+
+info_file="/tmp/LAST_BACKUP_archiv.info"
+> $info_file
+
+
+## - Give global rsync arguments here. Maybe you wish
+## - to exclude some files or diredtories
+## -
+## - Exclude from transfering
+## -
+## - **/dev/*random
+## - *.log
+## - *.log.[0-9]
+## - *.log.[0-9],gz
+## - *.log.[0-9][0-9].gz
+## - **/sessions/*
+## - **/*.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]*
+## -
+rsync_progArgs="
+ --exclude **/dev/*random
+ --exclude *.log
+ --exclude *.log.[0-9]
+ --exclude *.log.[0-9].gz
+ --exclude *.log.[0-9][0-9].gz
+ --exclude **/sessions/*
+ --exclude **/*.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]*
+ --delete-excluded
+"
+
+## - Note:
+## - If backup device is on remote host, then rsync needs arguments:
+## -
+if $remote_disk ; then
+ rsync_progArgs="--omit-link-times --munge-links $rsync_progArgs"
+fi
+
+
+## - force to create level 1 backups. the backups are not cascaded, they
+## - all are direct related to the complete one.
+## -
+force_level_1=true
+
+
+## - What to do
+## - Note: 1) without mirroring no archiving will be done
+## - 2) in case of database backup only the parameter
+## - "MIRROR" will be considered
+## -
+MIRROR=true
+ARCHIVE=true
+
+## - how long to hold backup-files ?
+## -
+days=14
+
+# a bigger (integer-)value for_DEBUG "1"results in more
+# infomation, written to the logFile
+#
+# possible values: 0 , 1 or 2
+#
+_DEBUG=0
+
+# if _TEST is set to "1", nothing will be done. instead
+# rsync will just report the actions it would have
+# taken to the $logFile
+#
+_TEST=0
+
+export LOCK_DIR admin_email from_address content_type company hosts_base_dir intern_disk extern_usb_disk extern_sata_disk remote_disk crypto_backup_device backup_base_dir backup_partition backup_resource check_mountpoint info_file logFile logDuration right_tabstop disk_label_log_file rsync_progArgs force_level_1 MIRROR ARCHIVE days _DEBUG _TEST
+
+#
+# ------------------ Ende Variable ------------------ #
+# --------------------------------------------------- #
+
+
+
+# --------------------------------------------------- #
+# -------------------- Programme -------------------- #
+#
+basename=`which basename`
+dirname=`which dirname`
+awk=`which awk`
+cat=`which cat`
+cryptsetup=`which cryptsetup`
+cut=`which cut`
+date=`which date`
+dd=`which dd`
+e2fsck=`which e2fsck`
+find=`which find`
+fdisk=`which fdisk`
+grep=`which grep`
+gzip=`which gzip`
+hdparm=`which hdparm`
+logrotate=`which logrotate`
+mkdir=`which mkdir`
+mount=`which mount`
+mv=`which mv`
+parted=`which parted`
+ps=`which ps`
+rm=`which rm`
+rsync=`which rsync`
+scp=`which scp`
+sgdisk=`which sgdisk`
+ssh=`which ssh`
+sort=`which sort`
+tar=`which tar`
+tune2fs=`which tune2fs`
+umount=`which umount`
+sfdisk=`which sfdisk`
+su=`which su`
+sudo=`which sudo`
+sort=`which sort`
+sync=`which sync`
+touch=`which touch`
+
+ssh_opts='-o ControlMaster=auto -o ControlPath=/root/.ssh/%r@%h:%p -o ControlPersist=60'
+if [[ -n "$ssh" ]] ; then +
ssh="$ssh -n $ssh_opts" +fi + +export basename dirname awk cat cryptsetup cut date dd e2fsck find fdisk grep gzip hdparm logrotate mkdir mount mv parted ps rm rsync scp ssh sort tar tune2fs umount sfdisk sgdisk su sudo sort sync touch +# +# ------------------ Ende Programme ----------------- # +# --------------------------------------------------- # diff --git a/conf/rcopy.conf.sample b/conf/rcopy.conf.sample index b3ebd29..8fd9aca 100644 --- a/conf/rcopy.conf.sample +++ b/conf/rcopy.conf.sample @@ -24,6 +24,8 @@ BACKUP_HOST=`hostname -f` HOME_DIR=$HOME AGENT=/tmp/.agent-$USER.sh +SSH_KEY=/root/.ssh/id_ed25519-backup + admin_email="" from_address="backup@`hostname -f`" company="" diff --git a/rcopy.sh b/rcopy.sh index 0174ec1..76fad2c 100755 --- a/rcopy.sh +++ b/rcopy.sh @@ -13,6 +13,8 @@ manual=${manual:=false} ## - USER=$LOGNAME +DEFAULT_SSH_KEY="/root/.ssh/id_ed25519-backup" + ## - global configuration for the remote backup-script ## - rcopy_base_dir="$(realpath $(dirname $0))" @@ -46,10 +48,12 @@ fi NO_NEW_BACKUP=false ONLY_BACKUP=false MANUAL=false -while getopts BhNm opt ; do +while getopts Bhk:Nm opt ; do case $opt in B) ONLY_BACKUP=true ;; + k) SSH_KEY=$OPTARG + ;; m) MANUAL=true ;; N) NO_NEW_BACKUP=true @@ -60,6 +64,10 @@ while getopts BhNm opt ; do esac done +if [[ -z "${SSH_KEY}" ]] ; then + SSH_KEY="${DEFAULT_SSH_KEY}" +fi + if $ONLY_BACKUP && $NO_NEW_BACKUP ; then fatal "Parameter '-B' AND '-N' is not possible." fi @@ -249,7 +257,8 @@ fi if [ ! -O $AGENT ] || ! ps ax | grep ssh-agent | grep -v grep > /dev/null ; then killall ssh-agent > /dev/null 2> /dev/null rm -f $AGENT - ssh-agent > $AGENT; . $AGENT > /dev/null ; ssh-add > /dev/null 2>&1 + eval "$(ssh-agent -s)" > /dev/null 2>&1 ; ssh-add ${SSH_KEY} > /dev/null 2>&1; + #ssh-agent > $AGENT; . $AGENT > /dev/null ; ssh-add > /dev/null 2>&1 fi
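Review bot: `LOCK_DIR=/tmp/rcopy.lock`, `AGENT=/tmp/.agent-$USER.sh` and `info_file="/tmp/LAST_BACKUP_archiv.info"` in the new conf/rcopy.conf.01 are fixed names in world-writable /tmp, and the bare `> $info_file` truncates whatever that path resolves to each time the file is sourced. The ControlPath under /root/.ssh suggests the script runs as root, so any local account could pre-create these names and either block the lock or redirect the truncation. A root-owned location avoids that, for example `LOCK_DIR=/run/rcopy.lock` and `info_file="/var/lib/rcopy/LAST_BACKUP_archiv.info"` (suggested paths, adjust to the host layout). The comment above `logDuration` says child processes read this file too, so the truncation probably belongs in the parent script rather than in the config.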
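Review bot: `SSH_KEY` is accepted from `-k` (or, presumably, from the config file or the environment) and defaulted in rcopy.sh without any check that it names a readable key file. The later `ssh-add` call sends its errors to /dev/null, so a mistyped path only shows up as failing connections. Right after the default is applied I would add `[[ -r "${SSH_KEY}" ]] || fatal "SSH key '${SSH_KEY}' not found or not readable."`. The new `-k` option should also be described in the usage text printed for `-h`, which is outside this hunk.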
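Review bot: The new agent line in rcopy.sh no longer writes the agent environment to `$AGENT`, yet the enclosing test still begins with `[ ! -O $AGENT ]` and the branch removes that file. As far as this hunk shows, the condition is therefore true on every run, so each run kills all running ssh-agent processes and starts a fresh one; anything outside the hunk that sources `$AGENT` would also stop finding it. Keeping the file and changing only the key avoids both: `ssh-agent > $AGENT; . $AGENT > /dev/null` followed by `ssh-add "${SSH_KEY}" > /dev/null 2>&1 || fatal "ssh-add failed for '${SSH_KEY}'."`. That also quotes `${SSH_KEY}`, which is unquoted in the new line, and stops a failed key load from passing silently. The commented-out old command can be dropped, since the history keeps it.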